diff options
| -rw-r--r-- | app/controllers/uploader_controller.rb | 9 | ||||
| -rw-r--r-- | config/credentials.yml.enc | 2 |
2 files changed, 8 insertions, 3 deletions
| diff --git a/app/controllers/uploader_controller.rb b/app/controllers/uploader_controller.rb index 72d4c2e..f092b29 100644 --- a/app/controllers/uploader_controller.rb +++ b/app/controllers/uploader_controller.rb | |||
| @@ -14,8 +14,13 @@ class UploaderController < ApplicationController | |||
| 14 | login = request.headers["X-User-Login"].presence | 14 | login = request.headers["X-User-Login"].presence |
| 15 | token = request.headers["X-User-Token"].presence | 15 | token = request.headers["X-User-Token"].presence |
| 16 | 16 | ||
| 17 | # TODO: Replace this. | 17 | unless login == Rails.application.credentials.uploader_username |
| 18 | unless authenticate_pokeviewer(login, token) | 18 | head :unauthorized |
| 19 | end | ||
| 20 | |||
| 21 | unless ActiveSupport::SecurityUtils.secure_compare( | ||
| 22 | ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token), | ||
| 23 | ::Digest::SHA256.hexdigest(token)) | ||
| 19 | head :unauthorized | 24 | head :unauthorized |
| 20 | end | 25 | end |
| 21 | end | 26 | end |
| diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc index 892da90..978f5bf 100644 --- a/config/credentials.yml.enc +++ b/config/credentials.yml.enc | |||
| @@ -1 +1 @@ | |||
| a80N/OS2zsSVSokXt4rDedH25GrVioPd1iPqhBeIORy2DmpN+dpn8rD4klvB8gBvoL6KCI5DH0hWdLQVyXDi14Zv/wL0K84bQGElmtKuF3jFOLfJDKW2YrqA+x1IniGpQtKtIBnHmuHa5K5tincoV6ob/LHqaMHta5vOPIWHjIFgDd/EOOJD/NRNwIc+oC6yR2nVJhzhyGDNZg7btI0/4QFrQR5IXg1LAluv8YcmE7FzcYhM2khEyvAe7tBwwOA1wf6z5SHXrcCy1VJLYg0Ph0lVt9zFXTpdXvEZt4AZsf1WP7uJ44MVRzus2nJWQ+m5BaxCIuYIEpTd0tanGbTcmpA7EjO33IMEr/fGde0Ztx1XHPcXyZo35rCKxqrqFtOrj0N0GzzIj68gIQkwVGWSvR64/xsn--wOLF0LajEZbe+4bt--tZvMCBw1brR32eeI3v9oHw== \ No newline at end of file | E7kTejJXW9KIN8TBmhXXBlgqWpftPLNIea0NYzGwsQ3ZO/DKM3HawiiNhci6gEUj5okG59VFWy8tDT5cKskSm9RQa3xa9rFmDZNO8Tm0iay5E4rC+j4u4ypu0BzPyc6z0jn+uQci8lF8B0waZmTX0S+hQbB3JeBhU3M8N/gYCdDsSTUElCKwB3DuUmI08uR0BKhUYHI/STzo17aJt2DGheRoXBy4ZUDJfudszJKi19vujGKfrpZDh+87bObdfdYQelBT4aP4bbIuvbd4IGl4+YPycJwc9ySRs9n/E5sPrvOqvMDlN0CPRTs8RyIpmBki9MIGryYb9OnN7eBiLClUa2XUWGTeUb/qmiIEPpZ1yhAFWuuHpDB9oIH7dr3kFb3IW9TLlL1K726KYz1hKnw0v/xLvXkjk9Dku7YlyF5lujFji1t/j5om1gBHlkAAhHYMuXsGnxMbTsL1Ss9aizpwzvgpY1Z3os5U5HgIaWRa2h/iVZ46J7K0h4H1--MLboXTxcS75HeJ7H--O5eVtUYXgh+x8lx89p/eWQ== \ No newline at end of file | ||